Ue-based network subscription management

ABSTRACT

Methods, systems, and devices for wireless communication are described. A user equipment (UE) may obtain identification information for a device and may assist in establishing credentials by which the device accesses a wireless network. The UE may establish a connection with the wireless network using its own credentials, and register the device to access the wireless network by associating the identification information for the device with the credentials of the UE. The UE may receive or establish credentials by which the device accesses the wireless network and may communicate these credentials to the device over a local connection. In some cases, the UE may authenticate the device&#39;s identification information to determine whether the device is allowed to be registered with the wireless network.

CROSS REFERENCES

The present Application for Patent is a Divisional of U.S. patentapplication Ser. No. 14/596,953 by Lee et al., entitled “UE-BasedNetwork Subscription Management,” filed Jan. 14, 2015, which claimspriority to U.S. Provisional Patent Application No. 62/025,398 by Lee etal., entitled “UE-Based Network Subscription Management,” filed Jul. 16,2014, and to U.S. Provisional Patent Application No. 62/025,777 by Leeet al., entitled “Associating a Device with Another Device's NetworkSubscription,” filed Jul. 17, 2014, which are each assigned to theassignee hereof, and expressly incorporated by reference herein.

BACKGROUND

The following relates generally to wireless communication, and morespecifically to associating a device with another device's networksubscription. Wireless communications systems are widely deployed toprovide various types of communication content such as voice, video,packet data, messaging, broadcast, and so on. These systems may bemultiple-access systems capable of supporting communication withmultiple users by sharing the available system resources (e.g., time,frequency, and power). Examples of such multiple-access systems includecode division multiple access (CDMA) systems, time division multipleaccess (TDMA) systems, frequency division multiple access (FDMA)systems, and orthogonal frequency division multiple access (OFDMA)systems, e.g., a Long Term Evolution (LTE) system.

Generally, a wireless multiple-access communications system may includea number of base stations, each simultaneously supporting communicationfor multiple mobile devices or other user equipment (UE) devices. Basestations may communicate with UEs on downstream and upstream links. Eachbase station has a coverage range, which may be referred to as thecoverage area of the cell. Some types of wireless devices may providefor automated communication. Some wireless devices may implementMachine-to-Machine (M2M) communication or Machine Type Communication(MTC). M2M and/or MTC may refer to data communication technologies thatallow devices to communicate with one another or a base station withouthuman intervention. For example, M2M and/or MTC may refer tocommunications from devices that integrate sensors or meters to measureor capture information and relay that information to a central server orapplication program that can make use of the information or present theinformation to humans interacting with the program or application.

In some cases, an MTC device or a UE may lack credentials for accessinga wireless network or it may lack the hardware necessary to support aparticular access procedure. For example, an MTC device may not have asmart card or a Universal Integrated Circuit Card (UICC).

SUMMARY

The described features generally relate to one or more improved systems,methods, and/or apparatuses for associating a device with anotherdevice's network subscription. A user equipment (UE) may obtainidentification information for a device and may assist in establishingcredentials by which the device accesses a wireless network. Forexample, the device may lack a smart card or UICC that storescredentials for accessing a cellular network. To help the device gainaccess, the UE may establish a connection with the wireless networkusing its own credentials, and register the device to access thewireless network with a network credential for the device that isdifferent from the UE's own credentials. The registration may includeassociating the identification information for the device with thecredentials of the UE. The UE may then receive or establish credentialsfor the device to access the wireless network and may provide those thecredentials to the device over a local connection. In some cases, the UEmay authenticate the device's identification information to determinewhether the device is allowed to be registered with the wirelessnetwork.

A method of wireless communication performed by a UE is described. Themethod may include obtaining identification information for a device,establishing a connection with a wireless network based on a networkcredential of the UE, and registering the device for access the wirelessnetwork for the device that is different from the network the networkcredential of the UE, where the registration may include associating theidentification information for the device with the network credential ofthe UE.

An apparatus for wireless communication is described. The apparatus maybe a UE or a component of a UE, as described herein. The apparatus mayinclude means for obtaining identification information for a device,means for establishing a connection with a wireless network based on anetwork credential of the apparatus, and means for registering thedevice that is different from the network credential of the apparatus,where the registration may include associating the identificationinformation for the device with the network credential of the apparatus.

A further apparatus for wireless communication is described. Theapparatus may be a UE or a component of a UE, as described herein. Theapparatus may include at least one processor, memory in electroniccommunication with the at least one processor, and instructions storedin the memory. The instructions may be operable, when executed by the atleast one processor, to cause the apparatus to obtain identificationinformation for a device, establish a connection with a wireless networkbased on a network credential of the apparatus, and register the devicefor access to the wireless network with a network credential that isdifferent from the network credential of the apparatus by associatingthe identification information for the device with the networkcredential of the apparatus.

A non-transitory computer-readable medium storing code for wirelesscommunication is also described. The code may include instructionsexecutable to obtain identification information for a device, establisha connection with a wireless network based on a network credential of aUE, and register the device for access to the wireless network with anetwork credential that is different from the network credential of theUE, by associating the identification information for the device withthe network credential of the UE.

Some examples of the methods, apparatuses, or computer-readable mediadescribed herein may include processes, features, means, or instructionsfor establishing a local communication link with the device, and theidentification information for the device may be obtained over the localcommunication link. Some examples may additionally or alternativelyinclude processes, features, means, or instructions for sending thenetwork credential for the device over the local communication link.

In some examples of the methods, apparatuses, or computer-readable mediadescribed herein, the network credential for the device includes atleast one of: a subscription identity associated with the networkcredential of the UE or apparatus, or a network identifier, or anycombination thereof. In some examples, the subscription identityincludes at least one of: a globally unique temporary identity (GUTI) oran international mobile subscriber identity (IMSI) of the UE orapparatus, or any combination thereof, and the network identifier mayinclude at least one of: a public key certificate of the network, apublic key of the network, or a public land mobile network (PLMN)identity, or any combination thereof. Additionally or alternatively, insome examples, the network credential for the device includes at leastone of: a shared key provisioned by a device manufacturer or aprivate-public key pair provisioned by a device manufacturer, or anycombination thereof

Some examples the methods, apparatuses, or computer-readable mediadescribed herein may include processes, features, means, or instructionsfor authenticating the identification information for the device by theUE or apparatus, and determining whether the device is allowed to beregistered with the wireless network. Additionally or alternatively,some examples may include processes, features, means, or instructionsfor sending an authentication request to a device authentication server.Some examples, may also include processes, features, means, orinstructions for receiving an authentication response from the deviceauthentication server, and authenticating the identification informationfor the device may be based on the authentication response.

Some examples the methods, apparatuses, or computer-readable mediadescribed herein may include processes, features, means, or instructionsfor sending the identification information to a home subscriber server(HSS) of the UE or apparatus via the connection with the wirelessnetwork. In some examples, obtaining the identification information forthe device may include at least one of: scanning a Quick Response (QR)code, utilizing a wireless personal area network (WPAN) connection,utilizing a universal serial bus (USB) link, utilizing a near fieldcommunication (NFC) link, utilizing a Wireless Local Area Network (WLAN)link, or accessing a uniform resource locator (URL), or any combinationthereof; and some examples of the methods, apparatuses, orcomputer-readable media described herein may include processes,features, means, or instructions for or operative to effect the same.Additionally or alternatively, in some examples, the identificationinformation for the device includes at least one of: a deviceidentifier, device parameters, a URL, a shared key of the device, apublic key of the device, or a public key certificate of the device, orany combination thereof

Some examples the methods, apparatuses, or computer-readable mediadescribed herein may include processes, features, means, or instructionsfor providing the wireless network with access restrictions for thedevice. In some examples, the access restrictions may include at leastone of: access time duration limits, time of use specifications, maximumbandwidth limits, service parameters, uplink throughput limits, ordownlink throughput limits, or any combination thereof.

In some examples, registering the device may include sending aregistration request for the device to the wireless network via theconnection; and some examples the methods, apparatuses, orcomputer-readable media described herein may include processes,features, means, or instructions for or operative to effect the same.Additionally or alternatively, some examples the methods, apparatuses,or computer-readable media described herein may include processes,features, means, or instructions for receiving a registrationacknowledgment responsive to the registration request from the wirelessnetwork via the connection.

In some examples of the methods, apparatuses, or computer-readable mediadescribed herein, the identification information for the device is of adifferent kind than the network credential of the UE or apparatus. Insome examples, the network credential of the

UE is maintained in a universal integrated circuit card (UICC) of the UEor apparatus or based on information obtained from a subscriber identitymodule (SIM) of the UE or apparatus. Additionally or alternatively,network credential of the UE or apparatus may be provisioned by anoperator of the wireless network and the identification information forthe device is established by a manufacturer of the device.

A further method for wireless communication is described. The method mayinclude establishing a connection with a UE over a local communicationlink, receiving credentials for accessing a wireless network from the UEover the local communication link, where the credentials for accessingthe wireless network are different from a network credential of the UE,and accessing the wireless network utilizing the received credentials.

A further apparatus for wireless communication is described. Theapparatus may be a device or a component of a device, as describedherein. The apparatus may include means for establishing a connectionwith a UE over a local communication link, means for receivingcredentials for accessing a wireless network from the UE over the localcommunication link, where the credentials for accessing the wirelessnetwork are different from a network credential of the UE, and means foraccessing the wireless network utilizing the received credentials.

A further apparatus for wireless communication is described. Theapparatus may be a device or a component of a device, as describedherein. The apparatus may include at least one processor, memory inelectronic communication with the at least one processor, andinstructions stored in the memory. The instructions may be operable,when executed by the at least one processor, to cause the apparatus toestablish a connection with a UE over a local communication link,receive credentials for accessing a wireless network from the UE overthe local communication link, where the credentials for accessing thewireless network are different from a network credential of the UE, andaccess the wireless network utilizing the received credentials.

A further non-transitory computer-readable medium storing code forwireless communication is also described. The code may includeinstructions executable to establish a connection with a UE over a localcommunication link, receive credentials for accessing the wirelessnetwork from the UE over the local communication link, where thecredentials for accessing the wireless network are different from anetwork credential of the UE, and access the wireless network utilizingthe received credentials.

Further scope of the applicability of the described methods andapparatuses will become apparent from the following detaileddescription, claims, and drawings. The detailed description and specificexamples are given by way of illustration only, since various changesand modifications within the scope of the description will becomeapparent to those skilled in the art.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the nature and advantages of the presentdisclosure may be realized by reference to the following drawings. Inthe appended figures, similar components or features may have the samereference label. Further, various components of the same type may bedistinguished by following the reference label by a dash and a secondlabel that distinguishes among the similar components. If only the firstreference label is used in the specification, the description isapplicable to any one of the similar components having the same firstreference label irrespective of the second reference label.

FIG. 1 illustrates an example of a wireless communications system thatsupports associating a device with another device's network subscriptionin accordance with the present disclosure;

FIG. 2 illustrates additional aspects of a wireless communication systemthat supports associating a device with another device's networksubscription in accordance with the present disclosure;

FIG. 3 illustrates an exemplary call flow in which a device isassociated with another device's network subscription in accordance withthe present disclosure;

FIG. 4 shows a block diagram of an exemplary device configured accordingto the present disclosure;

FIG. 5 shows a block diagram of an exemplary device configured accordingto the present disclosure;

FIG. 6 shows a block diagram of an exemplary configured according to thepresent disclosure;

FIG. 7A illustrates a block diagram of an exemplary system that supportsassociating a device with another device's network subscription inaccordance with the present disclosure n;

FIG. 7B illustrates a block diagram of an exemplary system that supportsassociating a device with another device's network subscription inaccordance with the present disclosure;

FIG. 8 illustrates a method for associating a device with anotherdevice's network subscription;

FIG. 9 illustrates a method for associating a device with anotherdevice's network subscription;

FIG. 10 illustrates a method for associating a device with anotherdevice's network subscription; and

FIG. 11 illustrates a method for associating a device with anotherdevice's network subscription.

DETAILED DESCRIPTION

A user equipment (UE) may obtain identification information for a devicethat lacks credentials for accessing a wireless network. For example,the device may lack a smart card or UICC, and may not supportover-the-air provisioning procedures for accessing a cellular network.The UE may establish a connection with the wireless network using itsown credentials, and register the device to access the wireless networkby associating the identification information for the device with thecredentials of the UE. The UE may then receive or establish credentialsfor accessing the wireless network by which the device may obtainservice on the wireless network. These credentials may be communicatedto the device over a local connection. In some cases, the UE mayauthenticate the device's identification information to determine thatthe device is allowed to be registered with the wireless network. Byassociating the device with the subscriber identity of the UE, the UEmay enable the device to access the wireless network without requiringit to have a separate subscription.

The following description provides examples, and is not limiting of thescope, applicability, or configuration set forth in the claims. Changesmay be made in the function and arrangement of elements discussedwithout departing from the scope of the disclosure. Various embodimentsmay omit, substitute, or add various procedures or components asappropriate. For instance, the methods described may be performed in anorder different from that described, and various steps may be added,omitted, or combined. Also, features described with respect to certainembodiments may be combined in other embodiments.

FIG. 1 illustrates an example of a wireless communications system 100which supports associating a device with another device's networksubscription. The system 100 includes base stations 105, communicationdevices, also known as a user equipment user equipment (UE) 115, and acore network 130. The base stations 105 may communicate with the UEs 115under the control of a base station controller (not shown), which may bepart of the core network 130 or the base stations 105 in variousembodiments. Base stations 105 may communicate control informationand/or user data with the core network 130 through backhaul links 132.The core network may verify the access credentials of a UE 115, whichmay be associated with a subscription identity of the user. The operatorof the system 100 may offer subscription-based service such that ownersand/or users of UEs 115 (e.g., customers of the operator) may pay a feefor data sent and received via the system 100 utilizing their respectiveUEs 115. Thus, the operator of the system 100 may require each UE 115 tobe associated with a subscription before the UE 115 is authorized tosend or receive data via the system 100. The subscription may facilitatetracking of data sent and received via the system 100 so that theoperator of the system 100 is able to charge users based on system use.In some cases, this arrangement may be referred to as reverse billing anassociated subscription.

In some examples, the base stations 105 may communicate, either directlyor indirectly, with each other over backhaul links 134, which may bewired or wireless communication links. The system 100 may supportoperation on multiple carriers (waveform signals of differentfrequencies). Wireless communication links 125 may be modulatedaccording to various radio technologies. Each modulated signal may carrycontrol information (e.g., reference signals, control channels, etc.),overhead information, data, etc. A UE may also communicate with otherUE's or devices via a local connection 126. For example, a UE maycommunicate with a device via a local wireless connection (e.g., awireless local area network (WLAN) or Bluetooth) or via a wiredconnection.

The base stations 105 may wirelessly communicate with the UEs 115 viaone or more base station antennas. Each of the base station 105 sitesmay provide communication coverage for a respective geographic area 110.In some examples, base stations 105 may be referred to as a basetransceiver station, a radio base station, an access point, a radiotransceiver, a basic service set (BSS), an extended service set (ESS), aNodeB, evolved node B (eNB), Home NodeB, a Home eNodeB, or some othersuitable terminology. The coverage area 110 for a base station may bedivided into sectors making up only a portion of the coverage area (notshown. The system 100 may include base stations 105 of different types(e.g., macro, micro, and/or pico base stations). There may beoverlapping coverage areas for different technologies.

The system 100 may be a Heterogeneous Long Term Evolution (LTE)/LTE-Anetwork in which different types of base stations provide coverage forvarious geographical regions. For example, each base station 105 mayprovide communication coverage for a macro cell, a pico cell, a femtocell, and/or other types of cell. A macro cell generally covers arelatively large geographic area (e.g., several kilometers in radius)and may allow unrestricted access by UEs with service subscriptions withthe network provider. A pico cell would generally cover a relativelysmaller geographic area and may allow unrestricted access by UEs withservice subscriptions with the network provider. A femto cell would alsogenerally cover a relatively small geographic area (e.g., a home) and,in addition to unrestricted access, may also provide restricted accessby UEs having an association with the femto cell.

The core network 130 may communicate with the base stations 105 via abackhaul 132 (e.g., S1, etc.). The base stations 105 may alsocommunicate with one another, e.g., directly or indirectly via backhaullinks 134 (e.g., X2, etc.) and/or via backhaul links 132 (e.g., throughcore network 130). The wireless communications system 100 may supportsynchronous or asynchronous operation. For synchronous operation, thebase stations may have similar frame timing, and transmissions fromdifferent base stations may be approximately aligned in time. Forasynchronous operation, the base stations may have different frametiming, and transmissions from different base stations may not bealigned in time. The techniques described herein may be used for eithersynchronous or asynchronous operations.

The UEs 115 may be dispersed throughout the wireless communicationssystem 100, and each UE may be stationary or mobile. A UE 115 may alsobe referred to by those skilled in the art as a mobile station, asubscriber station, a mobile unit, a subscriber unit, a wireless unit, aremote unit, a mobile device, a wireless device, a wirelesscommunications device, a remote device, a mobile subscriber station, anaccess terminal, a mobile terminal, a wireless terminal, a remoteterminal, a handset, a user agent, a mobile client, a client, or someother suitable terminology. A UE 115 may be a cellular phone, a personaldigital assistant (PDA), a wireless modem, a wireless communicationdevice, a handheld device, a tablet computer, a laptop computer, acordless phone, a wireless local loop (WLL) station, or the like. A UEmay be able to communicate with macro eNBs, pico eNBs, femto eNBs,relays, and the like.

Some UEs 115 may be MTC devices, such as those designed to collectinformation and communicate without human intervention. Examples ofapplications for MTC devices include smart metering, inventorymonitoring, water level monitoring, equipment monitoring, healthcaremonitoring, wildlife monitoring, weather and geological eventmonitoring, fleet management and tracking, remote security sensing,physical access control, and transaction-based business charging. Insome cases, despite being equipped to operate in the system 100, MTCdevices may be configured without a smart card, UICC or other subscriberidentity module (SIM)-based credentials. For instance, an MTC device,such as a remote monitoring device, may lack a physical SIM circuit(e.g., a smart card or UICC) or support for over-the-air provisioning.

The communication links 125 shown in system 100 may include uplink (UL)transmissions from a UE 115 to a base station 105, and/or downlink (DL)transmissions, from a base station 105 to a UE 115 over DL carriers. Thedownlink transmissions may also be called forward link transmissionswhile the uplink transmissions may also be called reverse linktransmissions.

According to the present disclosure, a UE 115-a may obtainidentification information for a device 115-b that lacks credentials foraccessing the wireless network. As shown, device 115-b is an MTC-capableparking meter which may not have a separate subscription to the wirelessnetwork. For example, due to a simplified design, device 115-b may lackhardware support for accessing a cellular network, it may not beprovisioned with access credentials by the network operator, etc. Asdisclosed herein, UE 115-a may establish a connection with the wirelessnetwork based on its own network credentials and register device 115-bfor service. For example, UE 115-a may associate identificationinformation for device 115-b with its own credentials and may establishcredentials for the device 115-b to use to obtain service over thewireless network. The credentials for the device may be different kindthan the credentials of the UE. That is, the UE may not share its ownnetwork credentials with the device to be added to its subscription listof the UE 115-a but may instead aid the network in establishingcredentials that are suitable for the device's particular capabilities.UE 115-a may thus be capable of registering many devices with thewireless network based on its existing subscription and may assist thewireless network with authentication, access restrictions, etc.

FIG. 2 illustrates additional aspects of a wireless communicationssystem 200 that supports associating a device with another device'snetwork subscription. The wireless communications system 200 may includea UE 115-c that has access credentials for accessing a wireless networkand an a device 115-d (e.g., an MTC device) that lacks credentials foraccessing the wireless network. UE 115-c and device 115-d may beexamples of UEs and devices 115 described with reference to FIG. 1.System 200 may also include a base station 105-a with coverage area110-a that may facilitate communication between a core network 130-a andUE 115-c. According to aspects of the present disclosure, after UE 115-chas successfully registered device 115-d, device 115-d may communicatewith core network 130-a and obtain service over wireless communicationssystem 200. Core network 130-a may include a mobility management entity(MME) 205 and a home subscriber server (HSS) 210. Base station 105-a andcore network 130-a may be examples of the corresponding components ofsystem 100 described with reference to FIG. 1.

By way of example, the device 115-d may be one of several similardevices configured to operate within the systems 100 and 200. Forexample, the device 115-d may be one of several hundreds (or severalthousands) of parking meters operated by a municipality. Themunicipality may seek to wirelessly monitor and control aspects ofparking meter operation within the city. Accordingly, each parking metermay be configured for wireless communications (e.g., MTC communicationdescribed above), and the communications systems and circuitry of eachparking meter (e.g., device 115-d) may be as simple as possible. Forinstance, the device 115-d may be equipped with the minimum processingand radio frequency (RF) componentry necessary to facilitate theintermittent communication required by the municipality. Such devicesmay be described herein as low-cost and/or limited complexity devices.This may allow the municipality to maintain relatively low-cost,low-maintenance, reliably connected devices. The device 115-d may thusbe configured without necessary hardware or processing capability toindependently establish a subscription to the network 130-a.

Under a subscriber-based network access model, as discussed above, a UE115 may be required to have credentials to access a network. Often, thismay require a specific provisioning procedure for each device. Even withstandardized over-the-air (OTA) provisioning, such as embedded SIM (eSIMor virtual SIM) provisioning, the hardware required to implement suchprocedures may create cost-prohibitive barriers to enabling suchlow-cost or low-complexity devices to operate on cellular networks.Moreover, even with the added cost of hardware, it may be impractical torequire a separate subscription in order for each low-cost device toaccess the wireless network. Thus, the existing subscription-basedservice model may be in tension with, and an impediment to, thewidespread implementation of low-cost MTC or other reduced complexitydevices.

Instead of separate subscriptions or additional device capabilities, themunicipality and/or operator of the wireless communications systems 100and 200 (e.g., cellular service provider) may prefer to associatenumerous (or all) parking meters within the city limits with a singlesubscription maintained by the municipality. For example, themunicipality may wish to account and pay for some or all wireless datausage associated with a parking program. It may therefore be desirableto associate parking meters to a single subscription; and themunicipality may wish to frequently change the number and identity ofdevices associated with the subscription. For instance, the municipalitymay add several new parking meters, or it may decommission severalmeters, as areas within a parking enforcement zone expand or contract.In order to readily facilitate the addition of new devices to themunicipality's subscription, it may be beneficial to allow devices to beassociated with the subscription by an employee of the municipality, andwithout additional coordination by the operator of the systems 100 and200 (e.g., cellular service provider). For example, an employee mayutilize a municipality-issued smartphone (e.g., UE 115-c) to associateparking meters (e.g., device 115-d) as needed.

Those skilled in the art will recognize that aspects of the presentdisclosure may be beneficial in other scenarios as well. For example,electric, gas, and/or water utilities may frequently add and removemetering equipment within their service territory. Accordingly, device115-d may be a utility meter that may be associated with a utility'ssubscription utilizing UE 115-c. That is, a utility employee mayassociate various meters with a common subscription while servicingutility-owned equipment. In other examples, wildlife monitoring devices(e.g., cameras) may be placed in remote locations; thus, device 115-dmay be a wildlife monitoring device that may be associated with anorganization's subscription utilizing UE 115-c. For instance, UE 115-cmay be a smartphone owned by, and having a subscription registered tothe organization, and a volunteer may utilize UE 115-c to associatedevice 115-d with the organization's subscription.

As another example, a user may purchase a new device 115-d withcapabilities for cellular network service and may wish to add the device115-d to their cellular subscription. To obtain service, the user mayregisters the device 115-d with the network operator under their ownsubscription, e.g., under a subscription model where the consumer in thenetwork pays for data sent to/from the device, i.e., reverse billing toan associated subscription. The registration may be enabled in a varietyof ways, e.g., the registration may be automated by the user scanning aQuick Response (QR) code on the device 115-d or the device packaging.Alternatively, the user may manually enter the information. This mayresult in simplified subscription management and billing for the user toenable multiple devices 115. In some cases, a device 115-d may be addedwithout any coordination with the operator except to register the deviceto a subscription.

MME 205 may be a key network node for exchanging control informationwith UEs 115. For example, MME 205 may be involved in the networkconnection activation/deactivation process and may also be involved inauthenticating a UE 115 interacting with HSS 210. Non Access Stratum(NAS) signaling—which may be used for the authorization andestablishment of communication sessions and for maintaining continuouscommunications with UEs 115 as they move—may be initiated and/ordirected at MME 205. MME 205 may also allocate a temporary identity toUE 115. For example, MME 205 may allocate a globally unique temporaryidentity (GUTI) to a UE 115 that includes identification information forMME 205 as well as a temporary identity for a UE 115. A GUTI mayminimize the frequency with which a persistent identity, e.g., aninternational mobile subscriber identity (IMSI), is transmitted withinthe network. MME 205 may also check whether a UE 115 is authorized tocamp on a service provider's Public Land Mobile Network (PLMN), and maymanage security keys for NAS signaling such as attachment procedures forUEs 115 and handles the security key management.

HSS 210 may be a central database for user and subscription relatedinformation. The functions of HSS 210 may include mobility management,call and session establishment support, user authentication and accessauthorization. HSS 210 may be co-located or in communication with anAuthentication Center (AuC), not shown. HSS 210, or another networkentity may store a device subscription list, which may be a list ofdevices 115 and/or groups of devices 115 stored in the network. Eachdevice entry may contain the device IDs and other information associatedwith the subscriber. For example, the list may include a name for eachdevice 115, which may be an identifier for a device 115 and which mayindicate a device type (e.g. device@thermostat). It may also include adevice ID, e.g., a globally unique link-layer identifier identifying thedevice 115 such as an international mobile station equipment identifier(IMEI) an extended unique identifier (EUI), or a MAC address. The listmay also include one or more device group IDs, e.g., a globally uniquelink-layer identity that identifies a group of devices to associate witha subscription. In some cases, a device identifier may also be a MobileSubscriber Integrated Services Digital Network-Number (MSISDN), or anetwork access identifier (NAI).

According to aspects of the present disclosure, UE 115-c may establish aconnection with a wireless network in part by exchanging its credentialsand identity verification information with MME 205 and HSS 210 in corenetwork 130-a. UE 115-c may obtain identification information fromdevice 115-d and register device 115-d with core network 130-a over theconnection. Upon successful registration, identification information ofdevice 115-d may be associated with the subscription information of UE115-c in core network 130-a, so that device 115-d may subsequentlyaccess the wireless network, even if device 115-d lacks sufficientcredentials to access the wireless network without being associated withthe subscription identity of UE 115-c (e.g., even if device 115-d lacksSIM capabilities). In some examples, device 115-d may, after beingregistered, access the wireless network with limited assistance of UE115-c. In other cases, device 115-d may, after being registered, accessthe wireless network without assistance from UE 115-c. In some examples,after registration, device 115-d may access the wireless networkindependently.

The registration process may be performed by a device subscriptionapplication the network operator provides with UE 115-c. A devicesubscription application may host functions for provisioning a list ofdevices with an existing subscription by providing a user interface tothe subscriber. For example, choices for the user interface to thedevice subscription application may include a Hypertext TransferProtocol (HTTP)-based interface. That is, the interface may be a devicesubscription menu tab included in a web page the subscriber may use tocontrol other aspects of their account such as billing. In anotherexample, the device subscription application may be a mobileapplication. For example, it may be an application on the UE115-c usedby the subscriber similar to a contact list or an address book. Thedevice subscription application may update the device subscription listassociated with a subscription stored in the network by the HSS 210 whena device is added or removed.

FIG. 3 illustrates an example of a call flow 300 for associating adevice 115-e with another device's subscription in accordance withvarious embodiments. Call flow 300 may include operations performed by adevice 115-e that lacks credentials for network access, and UE 115-fthat has access credentials. For example, UE 115-f may be associatedwith a subscription, while device 115-e may not; and device 115-e may beunable to access the network without participation by the UE 115-f.Device 115-e and UE 115-f may be examples of UEs and devices 115described with reference to FIGS. 1-2. Call flow 300 may includeoperations performed by a MME 205-a and an HSS 210-a, which may beexamples of the corresponding components of system 200 described withreference to FIG. 2.

In some cases, prior to initiating the operations depicted by call flow300, UE 115-f may establish a local communication link with the device115-e to obtain identification information for device 115-e. Forexample, UE 115-f may establish a connection with device 115-e utilizinga wireless personal area network (WPAN) connection, utilizing auniversal serial bus (USB) link, utilizing a near field communication(NFC) link, a Bluetooth connection, or a Wireless Local Area Network(WLAN) link.

UE 115-f may then obtain identification information 305 for device115-e. In some examples, obtaining the identification information fordevice 115-e is performed using a local communication link as describedabove, and in other cases the identification information may be obtainedwithout a local communication link. For example, information may beobtained by scanning a Quick Response (QR) code, accessing a uniformresource locator (URL), or by entering information printed on device115-e or the associated documentation. Identification information mayinclude a serial number of the device 115-e, an international mobilestation equipment identity (IMEI), a unique device identifier (UDID),information related to the capabilities of device 115-e, informationrelated to the device manufacturer, or other identification information.

The UE 115-f may establish a connection 310 with a wireless networkbased on a network credential. For example, UE 115-f may send an attachrequest via a base station 105 to MME 205-a. In some cases, UE 115-f maysend a temporary identity (e.g., a GUTI) with the attach request. If theGUTI was issued by MME 205-a, it may have information about UE 115-fstored in memory. In other cases, MME 205-a may communicate with anotherMME 205 identified by the GUTI to obtain identification and securityinformation for UE 115-f. If MME 205-a does not have the informationstored and is unable to retrieve it from another MME 205, the MME 205-amay request that UE 115-f provide the IMSI so that a new GUTI may begenerated. UE 115-f may also exchange security keys and/or certificateswith MME 205-a and/or HSS 210-a (via MME 205-a) to verify its identity.One or more security keys may be provided by the operator of the networkto the UE 115-f, and may be stored in a SIM card, smart card, or UICC inthe UE 115-f. MME 205-a may then proceed to create a network session forUE 115-f by communicating with a serving gateway (SGW) (not shown),which may facilitate exchange of user plane data for UE 115-f. In somecases, network connection 310 is established prior to UE 115-f obtainingidentification information from device 115-e.

The UE 115-f may register the device 115-e to access the wirelessnetwork for service over the connection; the registration 315 mayinclude associating the identification information for the device withthe network credential of the UE 115-f. The registration may involvesending a request including the identification information of the device115-e to HSS 210-a via MME 205-a. In some examples, the identificationinformation for the device 115-e may be of a different kind than thenetwork credential of the UE 115-f. For example, the network credentialof the UE 115-f may be maintained in a UICC, whereas device 115-e maylack the UICC. In some examples, the network credential of the UE 115-fmay be provisioned by an operator of the wireless network and theidentification information may be established by a manufacturer of thedevice. In some cases, the network credential of the UE 115-f mayrepresent a higher level of security or trust than the identificationinformation for the device 115-e. For example, the identificationinformation for the device 115-e may not include security keys providedby the network operator. In some examples, the identificationinformation for the device includes a device identifier, deviceparameters, a URL, a shared key of the device, a public key of thedevice, or a public key certificate of the device.

In some examples, a device subscription application on UE 115-f maycommunicate with HSS 210-a to update the subscriber's devicesubscription list stored in the HSS 210-a. The device subscriptionapplication may access a specific HSS 210 associated with the subscriberin order to update the device subscription list. In some cases, if apublic key of device 115-e is signed by the manufacturer, the devicesubscription application may also obtain the manufacture's public keythrough a secure channel. In another example, UE 115-e may use amanufacturer's certificate signed by a trusted third party such asVerisign. In this case, the manufacturer's public key may not betransferred through a secure channel. The device subscriptionapplication may then send a subscription update message that includesthe identification information for device to HSS 210-a along with thesubscriber's identity.

HSS 210-a and/or MME 205-a or other network entities may then update thesubscription information of UE 115-f to include an association 320between the user information for UE 115-f and device 115-e. For example,an association may be created between a UDID of device 115-e and an IMSIof UE 115-f. In some cases, association 320 may be created based on anauthentication of the UE 115-f. For example, association 320 of UE 115-fand device 115-e may be permissible based on the registration requestbeing performed by an authenticated UE 115-f communicating over atrusted connection. A registration request transmitted via an externalnetwork, e.g., via the internet, may be rejected. Adding or removingdevice 115-e may be subject to approval by the operator. For example, anetwork operator may determine whether to approve the device 115-e basedon a subscription type, billing models, roaming agreements etc.

In some cases, e.g., if the device credential is a secret key, HSS 210-amay compute a device specific session key using a well-known keyderivation function (e.g., a hash message authentication code (HMAC) orsecure hash algorithm (SHA) 256) and include it in the updated devicesubscription list. Then, HSS 210-a may send the updated devicesubscription list, along with the device keys, session keys, and a nonce(arbitrary number) to MME 205-a. The nonce may be provided to the deviceduring the serving network authentication of the device so that thedevice can derive the same device session keys. If the device credentialis a public key, HSS 210-a may send the updated device subscription listand the public key to MME 205-a.

If the association 320 is successful, HSS 210-a (or, in some cases, MME205-a or another network entity) may send a confirmation message 325 toUE 115-f. The confirmation message 325 may include credentials fordevice 115-e to use for accessing the wireless network. For example, theconfirmation message 325 may include a network credential for device115-e to use for access. This network credential may be different fromthe network credential of the UE. The network credential may include atleast one of a shared key provisioned by a device manufacturer or aprivate-public key pair provisioned by a device manufacturer. That is,the UE may obtain credentials for the device to access the wirelessnetwork, and those credentials may be different from the networkcredential utilized by the UE 115-f to establish a network connection.The UE may therefore not share its own network credential with thedevice to be added to its subscription list stored in HSS. Allowingdevice 115-e to utilize a different network credential may provide for ameasure of security that simply sharing the UE's 115-f networkcredential might not. For instance, if device 115-e accesses the networkwith its own network credential, and if the security of device 115-e iscompromised after it has been associated with the UE's 115-fsubscription, the privacy of UE's 115-f's network credential may remainintact because device 115-e may not have access to the UE's 115-fcredential. Further, the device 115-e can access, with its owncredential, an out-of-band network (e.g., non-cellular network) that isdifferent from a UE's serving network (e.g., cellular network) withoutrelying on a UE's credential.

UE 115-f may then send credentials for accessing the wireless network330 for the network to the device 115-e over the local communicationlink. The credentials for accessing the wireless network 330 may, asdiscussed, be different from the network credential of the UE. In someexamples, the credentials for accessing the wireless network 330 mayinclude the network credential, a network list, a subscription identityassociated with the network credential of the UE or a networkidentifier. The network credential may include at least one of a sharedkey provisioned by a device manufacturer or a private-public key pairprovisioned by a device manufacturer. In some examples, UE 115-f mayestablish access restrictions for device 115-e by communicating with oneor more network entities (e.g., MME 205-a or HSS 210-a). For example, UE115-f may restrict the frequency, duration, or location that device115-e may be allowed to access the wireless network. In some examples,the access restrictions include access time duration limits,quality-of-service (QoS) parameters, traffic type restrictions, time ofuse specifications, an expiry time, maximum bandwidth limits, serviceparameters, uplink throughput limits, or downlink throughput limits.Thus, the credentials for accessing the wireless network 330 may includeinformation to facilitate device 115-e connecting to the wirelessnetwork and may also indicate access restrictions.

In some cases, UE 115-f may authenticate the identification informationfor the device 115-e. This may enable UE 115-f to determine that device115-e is allowed to be registered with the wireless network. Forexample, UE 115-f may send an authentication request to a deviceauthentication server (e.g., a server operated by the devicemanufacturer). This authentication request may be transmitted over thenetwork connection (or another communications link) and through theinterne. UE 115-f may wait to receive an authentication response fromthe device authentication server prior to registering the device 115-e.If device 115-e cannot be authenticated, UE 115-f may abort theregistration. In some cases, UE 115-f may include and run a devicesubscription application that UE 115-f, and a user of UE 115-f, mayutilize for managing devices associated with UE's 115-f subscription. UE115-f may authenticate device 115-e before allowing it to be added tothe device subscription application.

When device 115-e has received the credentials for accessing thewireless network 330, it may then establish a network connection 335based on the association 320 of the device identification informationand the subscription identity of the UE 115-f. For example, device 115-emay send an attach request to MME 205-a. However, the attach procedurefor device 115-e may differ from the attach procedure for UE 115-f. Forexample, the network may allow device 115-e to establish a connectionwithout performing a security authentication procedure that requireskeys stored on a UICC or with a SIM. Also, network connection 335 may besubject to access restrictions established by UE 115-f. In some cases,UE 115-f may alter the security restrictions. For example, the user maycommunicate with the network operator, e.g., by accessing an applicationon UE 115-f or by utilizing an web interface of the network operator.

In some cases, the network may implement security procedures based on adevice credential other than a UICC, such as the public key orcertificate of the device 115-f. In one example, if such a public key isavailable, a device ID may be defined as the hash of the device's publickey. In some cases, a device public key may be signed by a trusted thirdparty (e.g., Verisign or IANA) and may be available in the form of aX.509 certificate.

The subscriber for UE 115-f may also remove device 115-e from the devicesubscription list by deselecting the associated device ID from thedevice subscription application. A deregistration request may be sent toHSS 210-a and optionally to MME 205-a utilizing the same call path asthe registration. If the deregistration is successful, the devicesubscription application on UE 115-f, HSS 210-a and MME 205-a may removedevice 115-e from the subscriber's device subscription list, and the MME205-a deletes security and other contexts associated with device 115-e.

FIG. 4 shows a block diagram 400 of a UE 115-g configured forassociating a device with another device's network subscription. The UE115-g may be an example of one or more aspects of a UE 115 describedwith reference to FIGS. 1-3. The UE 115-g may also be referred to as anapparatus or a device. The UE 115-g may include a receiver 405, a deviceassociation module 410, and/or a transmitter 415. The UE 115-g may alsoinclude a processor. Each of these components may be in communicationwith each other.

The components of the UE 115-g may, individually or collectively, beimplemented with at least one application specific integrated circuit(ASIC) adapted to perform some or all of the applicable functions inhardware. Alternatively, the functions may be performed by one or moreother processing units (or cores), on at least one IC. In otherembodiments, other types of integrated circuits may be used (e.g.,Structured/Platform ASICs, a field programmable gate array (FPGA), oranother Semi-Custom IC), which may be programmed in any manner known inthe art. The functions of each unit may also be implemented, in whole orin part, with instructions embodied in a memory, formatted to beexecuted by one or more general or application-specific processors.

The receiver 405 may receive information such as packets, user data,and/or control information associated with various information channels(e.g., control channels, data channels, etc.). Information may be passedon to the device association module 410, and to other components of theUE 115-g. For example, receiver 405 may receive messages from a corenetwork 130 via a base station 105 relevant to registering a device withthe network.

The device association module 410 may be configured to obtainidentification information for a device that lacks access credentials.The device association module 410 may also be configured to establish aconnection with a wireless network based on a network credential of theUE 115-g. The device association module 410 may be configured toregister the device for to access the wireless network over theconnection, and the registration may include associating theidentification information for the device with the network credential ofthe UE 115-g.

The transmitter 415 may transmit the one or more signals received fromother components of the UE 115-g. For example, transmitter 415 maytransmit messages to a core network 130 (FIGS. 1 and 2) via a basestation 105 (FIGS. 1 and 2) relevant to registering a device with thewireless network. In some examples, the transmitter 415 may becollocated with the receiver 405 in a transceiver module. Thetransmitter 415 may include a single antenna, or it may include severalantennas.

FIG. 5 shows a block diagram 500 of a UE 115-h configured forassociating a device with another device's network subscription. The UE115-h may be an example of one or more aspects of a UE 115 describedwith reference to FIG. 1-4. The UE 115-g may also be referred to as anapparatus or a device. The UE 115-h may include a receiver 405-a, adevice association module 410-a, and/or a transmitter 415-a. The UE115-h may also include a processor and memory. Each of these componentsmay be in communication with each other. The device association module410-a may also include a device identification module 505, a connectionestablishment module 510, and a registration module 515.

The components of the UE 115-h may, individually or collectively, beimplemented with at least one ASIC adapted to perform some or all of theapplicable functions in hardware. Alternatively, the functions may beperformed by one or more other processing units (or cores), on at leastone IC. In other embodiments, other types of integrated circuits may beused (e.g., Structured/Platform ASICs, an FPGA, or another Semi-CustomIC), which may be programmed in any manner known in the art. Thefunctions of each unit may also be implemented, in whole or in part,with instructions embodied in a memory, formatted to be executed by oneor more general or application-specific processors.

The receiver 405-a may receive information which may be passed on to thedevice association module 410-a, and to other components of the UE115-h. The device association module 410-a may be configured to performthe operations described above with reference to FIG. 4. The transmitter415-a may transmit the one or more signals received from othercomponents of the UE 115-h.

The device identification module 505 may be configured to obtainidentification information for a device as described above withreference to FIG. 3. In some cases, the device lacks access credentialsfor a wireless network. In some examples, the identification informationfor the device may be of a different kind than the network credential ofthe UE 115-h. In some examples, obtaining the identification informationfor the device over the local communication link may include at leastone of scanning a Quick Response (QR) code, utilizing a wirelesspersonal area network (WPAN) connection, utilizing a universal serialbus (USB) link, utilizing a near field communication (NFC) link,utilizing a Wireless Local Area Network (WLAN) link, or accessing auniform resource locator (URL). In some examples, the identificationinformation for the device includes at least a device identifier, deviceparameters, a URL, a shared key of the device, a public key of thedevice, or a certificate of the device.

The connection establishment module 510 may be configured to establish aconnection with the wireless network based on a network credential ofthe UE 115-h as described above with reference to FIG. 3. For example,connection establishment module 510 may be configured to perform anattach procedure. In some examples, connection establishment module 510establishes a connection in coordination with a UICC (e.g., as describedbelow).

The registration module 515 may be configured to register the device toaccess the wireless network over the connection as described above withreference to FIG. 3. In some cases, the registration includesassociating the identification information for the device with thenetwork credential of the UE 115-h. The registration module 515 may alsobe configured to send the identification information to a homesubscriber server (HSS) of the UE 115-h via the connection. Theregistration module 515 may also be configured to provide the wirelessnetwork with access restrictions for the device. In some examples, theaccess restrictions include access time duration limits, time of usespecifications, maximum bandwidth limits, service parameters, uplinkthroughput limits, and/or downlink throughput limits. In some examples,registering the device at the wireless network includes sending aregistration request for the device to the network via the connection.The registration module 515 may also be configured to receive aregistration acknowledgment for the device from the network via theconnection.

FIG. 6 shows a block diagram 600 of a device association module 410-bconfigured for associating a device with another device's networksubscription. The device association module 410-b may be an example ofone or more aspects of a device association module 410 described withreference to FIGS. 4 and 5. The device association module 410-b mayinclude a device identification module 505-a, a connection establishmentmodule 510-a, and a registration module 515-a. Each of these modules mayperform the functions described above with reference to FIG. 5. Thedevice identification module 505-a may further include a localcommunication module 605. The registration module 515-a may furtherinclude an authentication module 610.

The components of the device association module 410-b may, individuallyor collectively, be implemented with at least one ASIC adapted toperform some or all of the applicable functions in hardware. In someexamples, the functions may be performed by one or more other processingunits (or cores), on at least one IC. In other examples, other types ofintegrated circuits may be used (e.g., Structured/Platform ASICs, anFPGA, or another Semi-Custom IC), which may be programmed in any mannerknown in the art. The functions of each unit may also be implemented, inwhole or in part, with instructions embodied in a memory, formatted tobe executed by one or more general or application-specific processors.

The local communication module 605 may be configured to establish alocal communication link with the device as described with reference toFIG. 3. In some cases the identification information for the device isobtained over the local communication link. The local communicationmodule 605 may also be configured to send credentials for accessing thewireless network to the device over the local communication link, andthe credentials for accessing the wireless network may be different fromthe network credential of, e.g., the UE 115-h (FIG. 5); and thecredentials for accessing the wireless network may facilitate access tothe wireless network by the device. In some examples, the credentialsfor accessing the wireless network include a network credential, anetwork list, a subscription identity associated with the networkcredential of the UE and/or a network identifier. In some cases, thesubscription identity include a globally unique temporary identity(GUTI) or an international mobile subscriber identity (IMSI) of the UEand the network identifier comprises a network certificate, a publickey, or a public land mobile network (PLMN) identity. The networkcredential may include at least one of a shared key provisioned by adevice manufacturer or a private-public key pair provisioned by a devicemanufacturer.

The authentication module 610 may be configured to authenticate theidentification information for the device by the UE 115 as describedwith reference to FIG. 3. The authentication module 610 may also beconfigured to determine whether the device is allowed to be registeredwith the wireless network. Additionally or alternatively, theauthentication module 610 may be configured to send an authenticationrequest to a device authentication server. The authentication module 610may also be configured to receive an authentication response from thedevice authentication server, and authenticating the identificationinformation for the device may be based on the authentication response.

FIG. 7A shows a diagram of a system 701 for associating a device withanother device's network subscription. System 701 may include a UE115-i, which may be an example of a UE 115 with a network credentialdescribed with reference to FIGS. 1-6. The UE 115-i may include a deviceassociation module 710, which may be an example of a device associationmodule described with reference to FIGS. 4-6. The UE 115-i may alsoinclude a UICC 725. The UE 115-i may include components forbi-directional voice and data communications, including components fortransmitting communications and components for receiving communications.For example, UE 115-i may communicate with a base station 105-b and/or adevice 115-j (e.g., over a local communications link, which may or maynot be a wireless link). The device 115-j may be an MTC device, asdescribed above. In some examples, the device 115-j is a device asdescribed with reference to FIG. 7B.

The UICC 725 may be an integrated circuit that securely storessubscriber information, including the international mobile subscriberidentity (IMSI) and the related keys used to identify and authenticateUE 115-i. UICC 725 may also contain a unique serial number, e.g., anintegrated circuit card ID (ICCID), security authentication andciphering information, temporary information related to the localnetwork, a list of the services, a personal identification number (PIN),and a personal unblocking code (PUK) for PIN unlocking. In some cases,UICC 725 may be a circuit embedded in a removable plastic card.

The UE 115-i may also include a processor module 705-a, and memory 715(including software (SW)) 720-a, a transceiver module 735-a, and one ormore antenna(s) 740-a, which each may communicate, directly orindirectly, with each other (e.g., via one or more buses 745-a). Thetransceiver module 735-a may be configured to communicatebi-directionally, via the antenna(s) 740-a and/or one or more wired orwireless links, with one or more networks, as described above. Forexample, the transceiver module 735-a may be configured to communicatebi-directionally with a base station 105-b. The transceiver module 735-amay include a modem configured to modulate packets and provide themodulated packets to the antenna(s) 740-a for transmission, and todemodulate packets received from the antenna(s) 740-a. While the UE115-i may include a single antenna 740-a, the UE 115-i may also havemultiple antennas 740-a capable of concurrently transmitting and/orreceiving multiple wireless transmissions. The transceiver module 735-amay also be capable of concurrently communicating with one or more basestations 105.

The memory 715-a may include random access memory (RAM) and read onlymemory (ROM). The memory 715-a may store computer-readable,computer-executable software/firmware code 720-a containing instructionsthat are configured to, when executed, cause the processor module 705-ato perform various functions described herein (e.g., obtainingidentification information, establishing a connection with the wirelessnetwork, registering the device, etc.). Alternatively, thesoftware/firmware code 720-a may not be directly executable by theprocessor module 705-a but may be configured to cause a computer (e.g.,when compiled and executed) to perform functions described herein. Theprocessor module 705-a may include an intelligent hardware device, e.g.,a CPU, a microcontroller, an ASIC, etc.

FIG. 7B shows a diagram of a system 702 which supports associating adevice with an existing UE subscription. System 702 may include a device115-k, which may be an example of a device 115 that lacks a networkcredential as described with reference to FIGS. 1-6. In some examples,the device 115-k is an MTC device, which may be a low-cost or limitedcomplexity MTC device described above. For example, device 115-k maylack a UICC or support for over-the-air provisioning or other SIM-basedprocedures. Device 115-k may include a device connection module 745 anda device access module 750. Device 115-k may also include components forbi-directional data communications including components for transmittingcommunications and components for receiving communications. For example,device 115-k may communicate with a base station 105-c using credentialsfor accessing the wireless network provided by UE 115-l, which may be anexample or a UE 115 with a network credential as described above withreference to FIGS. 1-6.

The device connection module 745 may be configured to establish aconnection with a UE 115-l over a local communication link as describedabove with reference to FIG. 3. The device access module 750 may beconfigured to receive credentials for accessing the wireless networkfrom the UE 115-l over the local communication link as described abovewith reference to FIG. 3. In some cases, the credentials for accessingthe wireless network are different from the network credential of the UE115-l, and the credentials for accessing the wireless network mayfacilitate network access by the device 115-k according to itscapabilities, etc. The device access module 750 may also be configuredto access the wireless network utilizing the received credentials. Forexample, device 115-k may access the wireless network via a connectionwith base station 105-c.

The device 115-k may also include a processor module 705-b, and memory715-b (including software (SW)) 720-b, a transceiver module 735-b, andone or more antenna(s) 740-b, which may perform the functions of thecorresponding components described above with reference to FIG. 7A. Thememory 715-b may store computer-readable, computer-executablesoftware/firmware code 720-b containing instructions that are configuredto, when executed, cause the processor module 705-b to perform variousfunctions described herein (e.g., communicate with a UE 115, access anetwork utilizing parameters received from a UE 115, etc.).Alternatively, the software/firmware code 720-b may not be directlyexecutable by the processor module 705-b but be configured to cause acomputer (e.g., when compiled and executed) to perform functionsdescribed herein. The processor module 705-b may include an intelligenthardware device, e.g., a CPU, a microcontroller, an ASIC, etc.

FIG. 8 shows a flowchart 800 illustrating a method for associating adevice with another device's network subscription. The functions offlowchart 800 may be implemented by a UE 115 or its components asdescribed with reference to FIGS. 1-7A. In certain examples, the blocksof the flowchart 800 may be performed by a device association module asdescribed with reference to FIGS. 4-7A.

At block 805, the UE 115 may obtain identification information for adevice as described above with reference to FIG. 3. The device may lackaccess credentials for the wireless network. In certain examples, thefunctions of block 805 may be performed by the device identificationmodule 505 as described above with reference to FIG. 5.

At block 810, the UE 115 may establish a connection with a wirelessnetwork based on a network credential of the UE 115 as described abovewith reference to FIG. 3. In certain examples, the functions of block810 may be performed by the connection establishment module 510 asdescribed above with reference to FIG. 5.

At block 815, the UE 115 may register the device for access to thewireless network with a network credential for the device that isdifferent from the network credential of the UE as described above withreference to FIG. 3, The registration may include associating theidentification information for the device with the network credential ofthe UE. In certain examples, the functions of block 815 may be performedby the registration module 515 as described above with reference to FIG.5.

FIG. 9 shows a flowchart 900 illustrating a method for associating adevice with another device's network subscription. The functions offlowchart 900 may be implemented by a UE 115 or its components asdescribed with reference to FIGS. 1-7A. In certain examples, the blocksof the flowchart 900 may be performed by the device association moduleas described with reference to FIGS. 4-7A. The method described inflowchart 900 may also incorporate aspects of flowchart 800 of FIG. 8.

At block 905, the UE 115 may establish a local communication link with adevice as described above with reference to FIG. 3. In certain examples,the functions of block 905 may be performed by the local communicationmodule 605 as described above with reference to FIG. 6.

At block 910, the UE 115 may obtain identification information for thedevice to establish credentials as described above with reference toFIG. 3. In certain examples, the functions of block 910 may be performedby the device identification module 505 as described above withreference to FIG. 5.

At block 915, the UE 115 may establish a connection with a wirelessnetwork based on a network credential of the UE as described above withreference to FIG. 3. In certain examples, the functions of block 915 maybe performed by the connection establishment module 510 as describedabove with reference to FIG. 5.

At block 920, the UE 115 may register the device for access to thewireless network with a network credential for the device that isdifferent from the network credential of the UE as described above withreference to FIG. 3, and the registration may include associating theidentification information for the device with the network credential ofthe UE. The network credential for the device may include at least oneof a shared key provisioned by a device manufacturer or a private-publickey pair provisioned by a device manufacturer, or a combination thereof.In certain examples, the functions of block 920 may be performed by theregistration module 515 as described above with reference to FIG. 5.

At block 925, the UE 115 may send the network credential for the devicefor over the local communication link as described above with referenceto FIG. 3. In certain examples, the functions of block 925 may beperformed by the local communication module 605 as described above withreference to FIG. 6.

FIG. 10 shows a flowchart 1000 illustrating a method for associating adevice with an existing UE subscription in accordance with variousembodiments. The functions of flowchart 1000 may be implemented by a UE115 or its components as described with reference to FIGS. 1-7. Incertain examples, the blocks of the flowchart 1000 may be performed bythe device association module as described with reference to FIGS. 4-7A.The method described in flowchart 1000 may also incorporate aspects offlowcharts 800 to 900 of FIGS. 8-9.

At block 1005, the UE 115 may obtain identification information for a asdescribed above with reference to FIG. 3. In certain examples, thefunctions of block 1005 may be performed by the device identificationmodule 505 as described above with reference to FIG. 5.

At block 1010, the UE 115 may authenticate the identificationinformation for the device by the UE as described above with referenceto FIG. 3. In certain examples, the functions of block 1010 may beperformed by the authentication module 610 as described above withreference to FIG. 6.

At block 1015, the UE 115 may determine that the device is allowed to beregistered with the wireless network as described above with referenceto FIG. 3. In certain examples, the functions of block 1015 may beperformed by the authentication module 610 as described above withreference to FIG. 6.

At block 1020, the UE 115 may establish a connection with the wirelessnetwork based on a network credential of the UE as described above withreference to FIG. 3. In certain examples, the functions of block 1020may be performed by the connection establishment module 510 as describedabove with reference to FIG. 5.

At block 1025, the UE 115 may register the device for access to thewireless network with a network credential for the device that isdifferent from the network credential of the UE as described above withreference to FIG. 3, and the registration may include associating theidentification information for the device with the network credential ofthe UE. The network credential for the device may include at least oneof a shared key provisioned by a device manufacturer or a private-publickey pair provisioned by a device manufacturer, or a combination thereof.In certain examples, the functions of block 1025 may be performed by theregistration module 515 as described above with reference to FIG. 5.

FIG. 11 shows a flowchart 1100 illustrating a method for associating adevice with an existing UE subscription in accordance with variousembodiments. The functions of flowchart 1100 may be implemented by adevice 115 that lacks a network credential, or its components, asdescribed with reference to FIGS. 1-3, and 7B. The method described inflowchart 1100 may also incorporate aspects of flowcharts 800 to 1000 ofFIGS. 8-10.

At block 1105, the device 115 may establish a connection with a UE overa local communication link as described above with reference to FIG. 3.In certain examples, the functions of block 1105 may be performed by thedevice connection module 745 as described above with reference to FIG.7B.

At block 1110, the device 115 may receive credentials for accessing thewireless network from the UE over the local communication link asdescribed above with reference to FIG. 3. The credentials for accessingthe wireless network may be different from the network credential of theUE. In certain examples, the functions of block 1110 may be performed bythe device access module 750 as described above with reference to FIG.7B.

At block 1115, the device 115 may access the wireless network utilizingthe received credentials as described above with reference to FIG. 3. Incertain examples, the functions of block 1115 may be performed by thedevice access module 750 as described above with reference to FIG. 7B.

It should be noted that the methods illustrated by flowcharts 800, 900,1000 and 1100 are example implementations, and that the operations ofthe method, and the steps may be rearranged or otherwise modified suchthat other implementations are possible.

The detailed description set forth above in connection with the appendeddrawings describes example embodiments and does not represent the onlyembodiments that may be implemented or that are within the scope of theclaims. The term “exemplary” used throughout this description means“serving as an example, instance, or illustration,” and not “preferred”or “advantageous over other embodiments.” The detailed descriptionincludes specific details for the purpose of providing an understandingof the described techniques. These techniques, however, may be practicedwithout these specific details. In some instances, well-known structuresand devices are shown in block diagram form in order to avoid obscuringthe concepts of the described embodiments.

Information and signals may be represented using any of a variety ofdifferent technologies and techniques. For example, data, instructions,commands, information, signals, bits, symbols, and chips that may bereferenced throughout the above description may be represented byvoltages, currents, electromagnetic waves, magnetic fields or particles,optical fields or particles, or any combination thereof.

The various illustrative blocks and modules described in connection withthe disclosure herein may be implemented or performed with ageneral-purpose processor, a digital signal processor (DSP), an ASIC, aFPGA or other programmable logic device, discrete gate or transistorlogic, discrete hardware components, or any combination thereof designedto perform the functions described herein. A general-purpose processormay be a microprocessor, but in the alternative, the processor may beany conventional processor, controller, microcontroller, or statemachine. A processor may also be implemented as a combination ofcomputing devices, e.g., a combination of a DSP and a microprocessor,multiple microprocessors, one or more microprocessors in conjunctionwith a DSP core, or any other such configuration.

The functions described herein may be implemented in hardware, softwareexecuted by a processor, firmware, or any combination thereof Ifimplemented in software executed by a processor, the functions may bestored on or transmitted over as one or more instructions or code on acomputer-readable medium. Other examples and implementations are withinthe scope of the disclosure and appended claims. For example, due to thenature of software, functions described above can be implemented usingsoftware executed by a processor, hardware, firmware, hardwiring, orcombinations of any of these. Features implementing functions may alsobe physically located at various positions, including being distributedsuch that portions of functions are implemented at different physicallocations. Also, as used herein, including in the claims, “or” as usedin a list of items (for example, a list of items prefaced by a phrasesuch as “at least one of” or “one or more of”) indicates a disjunctivelist such that, for example, a list of “at least one of A, B, or C, orany combination thereof” means A or B or C or AB or AC or BC or ABC(i.e., A and B and C).

Computer-readable media includes both computer storage media andcommunication media including any medium that facilitates transfer of acomputer program from one place to another. A storage medium may be anyavailable medium that can be accessed by a general purpose or specialpurpose computer. By way of example, and not limitation,computer-readable media can comprise RAM, ROM, electrically erasableprogrammable read only memory (EEPROM), compact disk (CD) ROM or otheroptical disk storage, magnetic disk storage or other magnetic storagedevices, or any other medium that can be used to carry or store desiredprogram code means in the form of instructions or data structures andthat can be accessed by a general-purpose or special-purpose computer,or a general-purpose or special-purpose processor. Also, any connectionis properly termed a computer-readable medium. For example, if thesoftware is transmitted from a website, server, or other remote sourceusing a coaxial cable, fiber optic cable, twisted pair, or digitalsubscriber line (DSL), or wireless technologies such as infrared, radio,and microwave, then the coaxial cable, fiber optic cable, twisted pair,DSL, or wireless technologies such as infrared, radio, and microwave areincluded in the definition of medium. Disk and disc, as used herein,include CD, laser disc, optical disc, digital versatile disc (DVD),floppy disk and Blu-ray disc where disks usually reproduce datamagnetically, while discs reproduce data optically with lasers.Combinations of the above are also included within the scope ofcomputer-readable media.

The previous description of the disclosure is provided to enable aperson skilled in the art to make or use the disclosure. Variousmodifications to the disclosure will be readily apparent to thoseskilled in the art, and the generic principles defined herein may beapplied to other variations without departing from the scope of thedisclosure. Thus, the disclosure is not to be limited to the examplesand designs described herein but is to be accorded the broadest scopeconsistent with the principles and novel features disclosed herein.

Techniques described herein may be used for various wirelesscommunications systems such as code division multiple access (CDMA),time division multiple access (TDMA), frequency division multiple access(FDMA), orthogonal frequency division multiple access (OFDMA), singlecarrier frequency division multiple access (SC-FDMA), and other systems.The terms “system” and “network” are often used interchangeably. A CDMAsystem may implement a radio technology such as CDMA2000, UniversalTerrestrial Radio Access (UTRA), etc. CDMA2000 covers IS-2000, IS-95,and IS-856 standards. IS-2000 Releases 0 and A are commonly referred toas CDMA2000 1X, 1X, etc. IS-856 (TIA-856) is commonly referred to asCDMA2000 1xEV-DO, High Rate Packet Data (HRPD), etc. UTRA includesWideband CDMA (WCDMA) and other variants of CDMA. A TDMA system mayimplement a radio technology such as Global System for MobileCommunications (GSM). An OFDMA system may implement a radio technologysuch as Ultra Mobile Broadband (UMB), Evolved UTRA (E-UTRA), IEEE 802.11(Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Flash-OFDM, etc. UTRA andE-UTRA are part of Universal Mobile Telecommunication System (UMTS).3GPP Long Term Evolution (LTE) and LTE-Advanced (LTE-A) are new releasesof Universal Mobile Telecommunications System (UMTS) that use E-UTRA.UTRA, E-UTRA, UMTS, LTE, LTE-A, and Global System for Mobilecommunications (GSM) are described in documents from an organizationnamed “3rd Generation Partnership Project” (3GPP). CDMA2000 and UMB aredescribed in documents from an organization named “3rd GenerationPartnership Project 2” (3GPP2). The techniques described herein may beused for the systems and radio technologies mentioned above as well asother systems and radio technologies. The description above, however,describes an LTE system for purposes of example, and LTE terminology isused in much of the description above, although the techniques areapplicable beyond LTE applications.

What is claimed is:
 1. A method of wireless communication performed by a user equipment (UE), comprising: obtaining identification information for a device; establishing a connection with a cellular network based on a network credential of the UE; and registering the device for access to the cellular network with a network credential for the device that is different from the network credential of the UE, the registering comprising associating the identification information for the device with the network credential of the UE.
 2. The method of claim 1, further comprising: establishing a local communication link with the device, wherein the identification information for the device is obtained over the local communication link.
 3. The method of claim 2, further comprising: sending the network credential for the device over the local communication link.
 4. The method of claim 3, wherein the network credential for the device comprises at least one of: a subscription identity associated with the network credential of the UE or a network identifier, or any combination thereof.
 5. The method of claim 4, wherein the subscription identity comprises at least one of: a globally unique temporary identity (GUTI) or an international mobile subscriber identity (IMSI) of the UE, or any combination thereof, and wherein the network identifier comprises at least one of: a public key certificate of the cellular network, a public key of the cellular network, or a public land mobile network (PLMN) identity, or any combination thereof
 6. The method of claim 1, wherein the network credential for the device comprises at least one of: a shared key provisioned by a device manufacturer or a private-public key pair provisioned by a device manufacturer, or any combination thereof.
 7. The method of claim 1, further comprising: authenticating the identification information for the device by the UE; and determining whether the device is allowed to be registered with the cellular network.
 8. The method of claim 7, further comprising: sending an authentication request to a device authentication server.
 9. The method of claim 8, further comprising: receiving an authentication response from the device authentication server, wherein authenticating the identification information for the device is based on the authentication response.
 10. The method of claim 1, further comprising: sending the identification information to a home subscriber server (HSS) of the UE via the connection with the cellular network.
 11. The method of claim 1, wherein the obtaining the identification information for the device comprises at least one of: scanning a Quick Response (QR) code, utilizing a wireless personal area network (WPAN) connection, utilizing a universal serial bus (USB) link, utilizing a near field communication (NFC) link, utilizing a Wireless Local Area Network (WLAN) link, or accessing a uniform resource locator (URL), or any combination thereof.
 12. The method of claim 1, wherein the identification information for the device comprises at least one of: a device identifier, device parameters, a URL, a shared key of the device, a public key of the device, or a public key certificate of the device, or any combination thereof.
 13. The method of claim 1, further comprising: providing the cellular network with access restrictions for the device.
 14. The method of claim 13, wherein the access restrictions comprise at least one of: access time duration limits, time of use specifications, maximum bandwidth limits, service parameters, uplink throughput limits, or downlink throughput limits, or any combination thereof.
 15. The method of claim 1, wherein registering the device comprises: sending a registration request for the device to the cellular network via the connection.
 16. The method of claim 15, further comprising: receiving a registration acknowledgment responsive to the registration request from the cellular network via the connection.
 17. The method of claim 1, wherein the identification information for the device is of a different kind than the network credential of the UE.
 18. The method of claim 1, wherein the network credential of the UE is maintained in a universal integrated circuit card (UICC) of the UE or based on information obtained from a subscriber identity module (SIM) of the UE.
 19. The method of claim 1, wherein the network credential of the UE is provisioned by an operator of the cellular network and the identification information for the device is established by a manufacturer of the device.
 20. A method of wireless communication performed by a device, comprising: establishing a connection with a user equipment (UE) over a local communication link; receiving credentials for accessing a cellular network from the UE over the local communication link, wherein the received credentials for accessing the cellular network are different from a network credential of the UE; and accessing the cellular network utilizing the received credentials.
 21. An apparatus for wireless communication, comprising: means for obtaining identification information for a device; means for establishing a connection with a cellular network based on a network credential of the apparatus; and means for registering the device for access to the cellular network with a network credential for the device that is different from the network credential of the apparatus, the registering comprising associating the identification information for the device with the network credential of the apparatus.
 22. The apparatus of claim 21, further comprising: means for establishing a local communication link with the device, wherein the means for obtaining are operative to obtain the identification information over the local communication link.
 23. The apparatus of claim 22, further comprising: means for sending credentials for accessing the cellular network to the device over the local communication link.
 24. The apparatus of claim 23, wherein the credentials for accessing the cellular network comprise at least one of: a subscription identity associated with the network credential of the apparatus or a network identifier, or any combination thereof.
 25. The apparatus of claim 24, wherein the subscription identity comprises at least one of: a globally unique temporary identity (GUTI) or an international mobile subscriber identity (IMSI) of the apparatus, or any combination thereof, and wherein the network identifier comprises at least one of: a public key certificate of the cellular network, a public key of the cellular network, or a public land mobile network (PLMN) identity, or any combination thereof.
 26. The apparatus of claim 21, wherein the network credential for the device comprises at least one of: a shared key provisioned by a device manufacturer or a private-public key pair provisioned by a device manufacturer, or any combination thereof
 27. The apparatus of claim 21, further comprising: means for authenticating the identification information for the device; and means for determining whether the device is allowed to be registered with the cellular network.
 28. The apparatus of claim 27, further comprising: means for sending an authentication request to a device authentication server.
 29. The apparatus of claim 28, further comprising: means for receiving an authentication response from the device authentication server, wherein the means for authenticating are operative to authenticate based on the authentication response.
 30. The apparatus of claim 21, further comprising: means for sending the identification information to a home subscriber server (HSS) of the apparatus via the connection with the cellular network.
 31. The apparatus of claim 21, wherein the means for obtaining the identification information comprise at least one of: means for scanning a Quick Response (QR) code, means for utilizing a wireless personal area network (WPAN) connection, means for utilizing a universal serial bus (USB) link, means for utilizing a near field communication (NFC) link, means for utilizing a Wireless Local Area Network (WLAN) link, or means for accessing a uniform resource locator (URL), or any combination thereof.
 32. The apparatus of claim 21, wherein the identification information for the device comprises at least one of: a device identifier, device parameters, a URL, a shared key of the device, a public key of the device, or a public key certificate of the device, or any combination thereof.
 33. The apparatus of claim 21, further comprising: means for providing the cellular network with access restrictions for the device.
 34. The apparatus of claim 33, wherein the access restrictions comprise at least one of: access time duration limits, time of use specifications, maximum bandwidth limits, service parameters, uplink throughput limits, or downlink throughput limits, or any combination thereof.
 35. The apparatus of claim 21, wherein the means for registering the device comprise: means for sending a registration request for the device to the cellular network via the connection.
 36. The apparatus of claim 35, further comprising: means for receiving a registration acknowledgment responsive to the registration request from the cellular network via the connection.
 37. The apparatus of claim 21, wherein the identification information for the device is of a different kind than the network credential of the apparatus.
 38. The apparatus of claim 21, wherein the network credential of the apparatus is maintained in a universal integrated circuit card (UICC) or based on information obtained from a subscriber identity module (SIM).
 39. The apparatus of claim 21, wherein the network credential of the apparatus is provisioned by an operator of the cellular network and the identification information for the device is established by a manufacturer of the device.
 40. An apparatus for wireless communication, comprising: means for establishing a connection with a user equipment (UE) over a local communication link; means for receiving credentials for accessing a cellular network from the UE over the local communication link, wherein the received credentials for accessing the cellular network are different from a network credential of the UE; and means for accessing the cellular network utilizing the received credentials.
 41. An apparatus for wireless communication, comprising: at least one processor; memory in electronic communication with the at least one processor; and instructions stored in the memory and operable, when executed by the at least one processor, to cause the apparatus to: obtain identification information for a device; establish a connection with a cellular network based on a network credential of the apparatus; and register the device for access to the cellular network with a network credential for the device that is different from the network credential of the apparatus by associating the identification information for the device with the network credential of the apparatus.
 42. The apparatus of claim 41, the instructions being operable to cause the apparatus to: establish a local communication link with the device; and obtain the identification information for the device over the local communication link.
 43. The apparatus of claim 42, the instructions being operable to cause the apparatus to: send the network credential for the device over the local communication link.
 44. The apparatus of claim 43, wherein the network credential for the device comprises at least one of: a subscription identity associated with the network credential of the apparatus or a network identifier, or any combination thereof.
 45. The apparatus of claim 44, wherein the subscription identity comprises at least one of: a globally unique temporary identity (GUTI) or an international mobile subscriber identity (IMSI) of the apparatus, or any combination thereof, and wherein the network identifier comprises at least one of: a public key certificate of the cellular network, a public key of the cellular network, or a public land mobile network (PLMN) identity, or any combination thereof
 46. The apparatus of claim 41, wherein the network credential for the device comprises at least one of: a shared key provisioned by a device manufacturer or a private-public key pair provisioned by a device manufacturer, or any combination thereof
 47. The apparatus of claim 41, the instructions being operable to cause the apparatus to: authenticate the identification information for the device by the apparatus; and determine whether the device is allowed to be registered with the cellular network.
 48. The apparatus of claim 47, the instructions being operable to cause the apparatus to: send an authentication request to a device authentication server.
 49. The apparatus of claim 48, the instructions being operable to cause the apparatus to: receive an authentication response from the device authentication server; and authenticate the identification information for the device based on the authentication response.
 50. The apparatus of claim 41, the instructions being operable to cause the apparatus to: send the identification information to a home subscriber server (HSS) of the apparatus via the connection with the cellular network.
 51. The apparatus of claim 41, wherein the instructions to obtain the identification information comprise instructions operable to cause the apparatus to: scan a Quick Response (QR) code, utilize a wireless personal area network (WPAN) connection, utilize a universal serial bus (USB) link, utilize a near field communication (NFC) link, utilize a Wireless Local Area Network (WLAN) link, or access a uniform resource locator (URL), or any combination thereof.
 52. The apparatus of claim 41, wherein the identification information for the device comprises at least one of: a device identifier, device parameters, a URL, a shared key of the device, a public key of the device, or a public key certificate of the device, or any combination thereof.
 53. The apparatus of claim 41, the instructions being operable to cause the apparatus to: provide the cellular network with access restrictions for the device.
 54. The apparatus of claim 53, wherein the access restrictions comprise at least one of: access time duration limits, time of use specifications, maximum bandwidth limits, service parameters, uplink throughput limits, or downlink throughput limits, or any combination thereof.
 55. The apparatus of claim 41, the instructions being operable to cause the apparatus to: send a registration request for the device to the cellular network via the connection.
 56. The apparatus of claim 55, the instructions being operable to cause the apparatus to: receive a registration acknowledgment responsive to the registration request from the cellular network via the connection.
 57. The apparatus of claim 41, wherein the identification information for the device is of a different kind than the network credential of the apparatus.
 58. The apparatus of claim 41, wherein the network credential of the apparatus is maintained in a universal integrated circuit card (UICC) of the apparatus or based on information obtained from a subscriber identity module (SIM) of the apparatus.
 59. The apparatus of claim 41, wherein the network credential of the apparatus is provisioned by an operator of the cellular network and the identification information for the device is established by a manufacturer of the device.
 60. An apparatus for wireless communication, comprising: at least one processor; memory in electronic communication with the at least one processor; and instructions stored in the memory and operable, when executed by the at least one processor, to cause the apparatus to: establish a connection with a user equipment (UE) over a local communication link; receive credentials for accessing a cellular network from the UE over the local communication link, wherein the received credentials for accessing the cellular network are different from a network credential of the UE; and access the cellular network utilizing the received credentials.
 61. A non-transitory computer-readable medium storing code for wireless communication, the code comprising instructions executable to: obtain identification information for a device; establish a connection with a cellular network based on a network credential of a user equipment (UE); and register the device for access to the cellular network with a network credential for the device that is different from the network credential of the UE by associating the identification information for the device with the network credential of the UE.
 62. The non-transitory computer-readable medium of claim 61, the instructions being further executable to: establish a local communication link with the device, and obtain the identification information for the device over the local communication link.
 63. The non-transitory computer-readable medium of claim 62, the instructions being further executable to: send credentials for accessing the cellular network to the device over the local communication link.
 64. The non-transitory computer-readable medium of claim 61, the instructions being further executable to: authenticate the identification information for the device by the UE; and determine whether the device is allowed to be registered with the cellular network.
 65. A non-transitory computer-readable medium storing code for wireless communication, the code comprising instructions executable to: establish a connection with a user equipment (UE) over a local communication link; receive credentials for accessing a cellular network from the UE over the local communication link, wherein the received credentials for accessing the cellular network are different from a network credential of the UE; and access the cellular network utilizing the received credentials. 